Bringing Life to The Laptop: Kali Linux Setup

Bismillah

Greetings again, chiefomar here.

So yesterday and today were a bit interesting;

First Day of Sc..o(de): Decisions


Yesterday I had a great time installing Kali Linux onto my computer and choosing between Junior pen-testing and Junior SOC analyst paths on tryhackme.com.

Making the Decision

You have to read my previous blog post for this one.

Installing Kali Linux

As I was making the decision to start the journey towards either the red or blue team, I decided to pick Kali Linux full install just so I have all the tools necessary to be a hacker.

It was pretty smooth but there were errors at first:

  • Missing firmware rtw88/rtw8821C_fw.bin: Resolve this by inserting the ethernet cable, choosing the "No" option, and letting the installer find the ethernet connection for installation.

  • ACPI firmware bug on startup: I am looking into this one and will update you guys as soon as possible.

Making Friends and Awkward Conversations: Day Two


The title could be misleading, but I had a 50/50 start... well, re-start to the Junior Pen-testing path on TryHackMe.

Awkward Conversations: Stuck at RFI

Well, I was unable to solve the RFI lab dubbed "Playground" and the "Challenges" at the end of the File Inclusion room. If you don't get it fo... no, go to TryHackMe and learn more.

So I decided to skip this lab and move on to making new friends: SSRF

Making Friends: SSRF

I did make a new friend (learned SSRF and completed the room), but I do accept that I'll be looking into other CTFs and labs for the same to level up.

A simple walk-through of the same is as below:

  • Definition: SSRF (Server-Side Request Forgery) is a vulnerability that lets any sneaky human or bot make the web server send an additional or edited HTTP request to whatever resource they want.

  • Types:

    • Regular SSRF: the sneaky one gets feedback/data they are looking for on their screen. "Now you see me."

    • Blind SSRF: the sneaky one does not get anything shown or returned on their screen. "Now you don't."

  • Impact: What can it cost a company or victim?

    • The sneaky one might get access to corners of the office they're not allowed to access (like the corner office).

    • The sneaky one will definitely get access to your personal/organization's data. "Sneaky's other computer is your computer."

    • Sneaky could sneak further across the network and do some lateral work (sneak and get more data from other devices on your network).

    • Sneaky might come across some auth tokens/credentials. "I got the keys."

  • Places to look: I know you want to be sneaky so...

    • Look for full URLs in parameters.

    • Use the "view page source" option to find hidden form fields.

    • A partial URL or just a hostname in a parameter. (In short: pay attention to parameters!)

    • And yes, another parameter issue could be a path included in the URL. Think "dst=/home/about".

  • How they defend against SSRF and how to be sneaky about it...

    • Deny list: accept everything except the names or patterns in this list. Try to guess or brute-force alternative references to the blocked patterns, names or places.

      • Hot tip: in the cloud, try to access 169.254.169.254 to see metadata (in case they forgot to block it).

    • Allow list: block everything except the names or patterns specified in the list. Sneaky's cousins like to register domains that start with or include the specific pattern that is in the list.

    • Get more sneaky by --> Open redirecting: This is where I send you to TryHackMe to learn more.
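
Seen from the defender's side, the allow-list weakness above comes from matching a pattern against the raw URL string instead of parsing it and comparing the exact hostname. The sketch below is an added example, not from the original post or from TryHackMe; the host `api.example.com`, the function names and the sample URLs are all constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"api.example.com"}  # constructed allow list (assumption)
ALLOWED_SCHEMES = {"https"}


def weak_allow(url):
    """Prefix match: passes any domain that merely starts with the pattern."""
    return url.startswith("https://api.example.com")


def is_internal_ip(host):
    """True for IP literals in loopback, private or link-local ranges."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a name, not an IP literal
    return ip.is_loopback or ip.is_private or ip.is_link_local


def strict_allow(url):
    """Parse first, then compare the exact hostname. Returns (ok, reason)."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return False, "unparseable URL"
    if is_internal_ip(host):
        return False, "internal address"  # covers 169.254.169.254 (link-local)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if host not in ALLOWED_HOSTS:
        return False, "host not on allow list"
    return True, "ok"


# Constructed sample URLs, not taken from any real system
SAMPLES = [
    "https://api.example.com/v1/stock",
    "https://api.example.com.attacker.example/v1",  # starts with the pattern
    "http://169.254.169.254/",                      # cloud metadata address
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url!r}: weak={weak_allow(url)} strict={strict_allow(url)}")
```

This runs offline and does no DNS lookups; a production check would also validate the address the hostname resolves to at request time and decline to follow redirects to hosts outside the list.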

Alright Kids, See you on the next day of school!!